In a massive data breach, UnitedHealth Group has confirmed that a ransomware attack on its subsidiary Change Healthcare has exposed the private data of over 100 million people, making it the largest healthcare data breach on record.

The attack, which occurred in February, was carried out by the hacker group Blackcat, also known as ALPHV. The group gained access to Change Healthcare's systems using stolen credentials for a Citrix remote access service that lacked multifactor authentication. They then moved laterally within the systems and exfiltrated data, deploying ransomware nine days later.

The stolen information includes sensitive data such as Social Security numbers, health insurance information, medical records, and billing and payment information. UnitedHealth paid a $22 million ransom, but another operation may have secured a second ransom payment.

This breach highlights the vulnerability of healthcare systems to cyber attacks and the importance of robust security measures, including multifactor authentication, to protect sensitive data. The incident also raises concerns about the security of healthcare providers' systems and the need for greater transparency and accountability in the industry.

The breach is a stark reminder of the importance of data privacy and security in the healthcare sector, and the need for companies to prioritize the protection of sensitive information.